Security disapears from menubar when I add a new user

[Guest]

I have been struggling with this for a few days. To this point I have
probably spent 15 - 20 hrs. Gradually bringing the problem into focus by a
process of testing and elimination. I have an mde file and a workgroup file
that goes with it. I have taken away all the permissions for the "Admin"
user logon and created an administrative logon called "sysadmin". The
database owner is "sysop" and was used for development.

If I:

- logon as sysadmin, and make or change security settings (e.g create a new
user called test)
- logoff
- logon as test, then logoff as test
- log back on as sysadmin

The three user menu options have been removed from the menu bar (User and
Group Permissions, User and Group Accounts, User Security Wizard). Under
Security there are only options for Workgroup Administrator, Encode/Decode
database and Set Database Password.

I can log on and off with different logons and nothing happens EXCEPT

- When I log on with sysop (the owner of most objects). At this point the
User items are still missing.
- Logoff
- Logon as either "sysop" or "sysadmin"

the security items appear for all three User items again.

I have tried creating a new db and importing all the objects, but the same
prolem occurs. I suspect it is something to do with some conflict between
the owner and the administration of security, but cannot even find which file
is updated for security (mSysObjects???) so that I can look at changes.
Something is overriding my menubar settings and changing what options are
available. Can some laterally thinking guru help me before I do something
nasty to the application.

 

[TC]

I have been struggling with this for a few days. To this point I have
probably spent 15 - 20 hrs. Gradually bringing the problem into focus by a
process of testing and elimination.

What, only 5-6 hours/day? Show some commitment!

I have an mde file and a workgroup file
that goes with it. I have taken away all the permissions for the "Admin"
user logon and created an administrative logon called "sysadmin". The
database owner is "sysop" and was used for development.

You do realize there are more steps than that? For example, you start
by creating a new workgroup information file with a unique workgroup
identifier (WID). And at some point you must transfer ownership of the
objects /within/ the database (as well as the database itself), away
from the normal Admin user. And so on, and so on. If you are not doing
all of those things, you should probably start agin, using a written
lst of explicit instructions, adding & omitting nothing; eg. the Access
Security FAQ, often referenced in this newsgroup.

If I:
- logon as sysadmin, and make or change security settings (e.g create a new
user called test)
- logoff
- logon as test, then logoff as test
- log back on as sysadmin

A key point here is how you start the database in order to log on as a
new user. If you start it by double-clicking the mdb file, you will be
using the default workgroup information file (system.mdw) /unless/ you
have /inappropriately/ used the workgroup administrator function to
join a different workgroup file. But if you start the mdb via a
shortcut which uses thre /wrkgrp switch to specify a workgroup file,
you would be using that specific workgroup file. If you are not already
familiar wth this issue, I'd guess that you are not following a proper
list of written instrctions; in which case, the sky is the limit, for
what can go wrong!

The three user menu options have been removed from the menu bar (User and
Group Permissions, User and Group Accounts, User Security Wizard). Under
Security there are only options for Workgroup Administrator, Encode/Decode
database and Set Database Password.

I can log on and off with different logons and nothing happens EXCEPT

- When I log on with sysop (the owner of most objects). At this point the
User items are still missing.
- Logoff
- Logon as either "sysop" or "sysadmin"

Um - the owner of "most" objects? Normally, when you secure a database,
/all/ of the user objects in the database would be owned by a selected
new user. So what are you getting at here?

the security items appear for all three User items again.

I have tried creating a new db and importing all the objects, but the same
prolem occurs. I suspect it is something to do with some conflict between
the owner and the administration of security, but cannot even find which file
is updated for security (mSysObjects???) so that I can look at changes.

Do not bother looking at any of the system tabes. They will not give
you what you want. If you want to look at permissions through code,
check out the Permissions & AllPermissions properties.

Something is overriding my menubar settings and changing what options are
available. Can some laterally thinking guru help me before I do something
nasty to the application.

HTH,
TC

 

[Guest]

I am a bit further down the road than that. I created a unique mdw file. I
set up a user ID for development called sysop. I moved all the
administration permissions to sysadmin. The application has been in use for
some years by many users - several hundred in numerous sites. It is only
recently (perhaps the last six months) that the problem emerged. At first I
thought it was a corrupt installation but I now have a few users with the
same issue.

 

[TC]

Sorry, I can't help unless you answer my questions.

- How are you starting the database?

- What did you mean by "most" objects?

TC

 

[Guest]

Finally solved it. It was not a security issue. I had a module that
provided different setups for each logon. The system administrator logon,
the normal users etc. The problem turned out to be the line
ChangeProperty "AllowFullMenus", dbBoolean, False
in the user logon was not reset to
ChangeProperty "AllowFullMenus", dbBoolean, True
in the system administrator logon.
For some reason, AllowFullMenus, if set to false, hides the User Security
menu items. As the code set the startup value when you log on, it is not
until you log on again that it is actually implemented. By logging on as a
normal user, you set the next startup condition to Full Menus as false.
It is not ideal security as a person logging on after the administrator gets
Full Menus true until they log on again. I have never found a way around it,
and from searching on the web, am not alone in this.
I hope by posting the solution, it might help someone else who runs into the
problem. Thanks to TS for your help.

 

[TC]

NevilleT wrote:

(snip)

It is not ideal security as a person logging on after the administrator gets
Full Menus true until they log on again.

Maybe after logging /off/ as administrator you could just log back /on/
as some dummy (non administrator) user set up for that purpose.

Thanks to TS for your help.

I'll pass that on to him!

TC